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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 
A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 . 1 7(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1 .17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.114. Applicant's submission filed on 05/22/06 has been entered. 

Claim Rejections - 35 {JSC § 112 
The following is a quotation of the first paragraph of 35 U.S. C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

Claims 1, 20, 3 1, 42-43 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to reasonably convey to one skilled in the 
relevant art that the inventor(s), at the time the application was filed, had possession of the 
claimed invention. 

In the applicants arguments, the applicant argued that Spratte does not disclose or suggest 
generating an output datum that has the characteristic appearance of the valid datum. However, 
the applicant does not disclose, in the specification, what an output datum that has the 
characteristic appearance of the datum means. The examiner was under the impression that this 
meant they are both numbers or both characters, in other words, that their formats are the same. 
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Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 4-20, 23-31, and 34-43 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Pavlov (4,614,861) in view of Spratte (5,764,766) and further in view of 
Stoffel et al (6,205,553 Bl). 

In reference to claims 1, 20, 31, 42-43, Pavlov discloses a system a self-contained card 
that has the ability to verify a personal identification number that is entered directly into the body 
by way of a keyboard (abstract). The self-contained card comprises: (a) a computer- 
implemented input for receiving a input access code (Fig_l part 12 in combination with column 
1 1 lines 60-67); output said datum reproducing said at least a portion of said user's confidential 
datum (TIC) if said input access code equals said user's access code (column 12 lines 15-30); and 
(d) said generation of said output datum occurring without dependence on any storage of any 
form of said at least a portion of said confidential datum (column 12 lines 29-67). 

Although Pavlov discloses the generation of confidential data, TIC, Pavlov does not 
disclose a seed derivation module operatively connected to said input, for deriving a seed usable 
to generate at least a portion of said confidential datum; a seed-based data generation module 
implementing a predetermined data generation protocol that was previously used by a seed-based 
initialization of said confidential datum of said user, containing a representation of a seed-access 
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code relationship, and configured to generate an output datum by digitally processing said 
derived seed in accordance with said seed-access code relationship. 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract). The applicant does not define a data generation 
protocol; as a result, a data generation protocol is a method of generating data. In addition, the 
applicant does not define a seed access code. A value generated using the access code or 
identification number. The system of Spratte includes a seed derivation module operatively 
connected to said input, for deriving a seed usable to generate at least a portion of said 
confidential datum (column 2 line65 to column 3 line 1); a seed-based data generation module 
implementing a predetermined data generation protocol that was previously used by a seed-based 
initialization of said confidential datum of said user, containing a representation of a seed-access 
code relationship, and configured to generate an output datum (encryption key) by digitally 
processing (hashed) said derived seed in accordance with said seed-access code relationship 
(column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system of Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

Pavlov and Spratte do not expressly disclose a system wherein for at least one input 
access code not equaling said user's access code, said output datum has the characteristic 
appearance of said at least a portion of said confidential datum, but said output datum does not 
reproduce at least a portion of said user's confidential datum. 
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Although Pavlov discloses checking the matching of the access code, Pavlov does not 
expressly disclose the output datum has the characteristic appearance of the portion of the 
confidential datum when the input access code is not equal to the user's access code. 

StofFel discloses a system for identifying the user associated with the apparatus for access 
to a given service (abstract). The system contains a representation of a seed-access code 
relationship (in the service provider Fig. 3). Wherein the system is configured to generate an 
output datum by digitally processing said derived seed (A Fig. 3) in accordance with the seed- 
access code relationship (RSA Fig. 3), and said output datum reproducing at least at least a 
portion of said user's confidential datum (A Fig. 3) if said input access code (A Fig. 3) equals 
user's access code (Fig. 3). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to the generation of an output datum as a function of the input access code as in 
Stofell in the system of Pavlov. One of ordinary skill in the art would have been motivated to do 
this because the system may be used for several different applications while guaranteeing the 
integrity of each application (StofFel column 1 lines 20-25). 

In reference to claims 4, 23, and 34, Pavlov discloses a system where said access code is 
a PIN (Fig_7). 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract); and said confidential datum 
includes an asymmetric cryptographic key (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system of Pavlov. One of ordinary skill in 
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the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 5, Pavlov does not discloses a system where said output datum has 
the characteristic appearance of an asymmetric cryptographic key. 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract); said output datum has the characteristic appearance of 
an asymmetric cryptographic key. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 6, Pavlov discloses a system wherein the access code is a PIN 
(Fig_7). 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract); and said confidential datum includes a symmetric 
cryptographic key (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claims 7, 24, 35, and 36, where said seed-access code relationship is a 
identity relationship, so that said derived seed equals said input access code (Fig__7). 



Application/Control Number: 09/874,795 Page 7 

Art Unit: 2135 

In reference to claims 8 and 25, a system where said seed-access code relationship 
represents said derived seed as a padded version of said input access code. 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract); and where said seed-access code relationship 
represents said derived seed as a padded version of said input access code, (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system of Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claims 9, 26, and 37, Pavlov does not disclose a system where said seed- 
access code relationship includes a version of said initial seed masked by user's access code. 

Spratte discloses a system and method for encrypting data communication comprising the 
generation of an encryption key (abstract); and where said seed-access code relationship includes 
a version of said initial seed masked by user's access code (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claims 10, 27, and 38, where: (i) said masked version of said initial seed 
includes an XOR of said initial seed with said user's access code; and (ii) said processing of said 
derived seed in accordance with said seed-access code relationship includes XORing said 
masked version of said initial seed with said derived seed. 
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Spratte discloses a system wherein the initial seed (salt) is combined with the user's 
access code (primary key). XOR is a form of combining initial seed with the user's access code. 
The processing of the derived seed (hashing) as disclosed by Spratte only discloses Message 
Digest 5 as an example; therefore XORing is one another possible way to implement a hash 
function. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 77, Pavlov does not disclose a system further comprising program 
code for updating a user's old access code with a user's new access code by replacing said stored 
masked version of said initial seed with its value XORed with said user s old access code XORed 
with id user's new access code. 

Spratte discloses a system further comprising program code for updating a user's old 
access code with a user's new access code by replacing said stored masked version of said initial 
seed with its value XORed with said user s old access code XORed with id user's new access 
code (column 3 lines 29-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 
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In reference to claims 12, 28, and 39, Pavlov does not disclose a system where: (i) said 
seed-access code relationship includes a truncated version of said initial seed capable of being 
concatenated with said input access code to form said derived seed; and (ii) said processing of 
said derived seed in accordance with said seed-access code relationship includes concatenating 
said truncated version of said initial seed with said input access code. 

Spatte discloses combining the salt with the primary key which results in the said seed- 
access code relationship includes a truncated version of said initial seed capable of being 
concatenated with said input access code to form said derived seed. The hash result in the 
concatenation and truncation of the encryption key. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claims 13, 29, and 40, Pavlov does not dislcose a system where: (i) said 
seed-access code relationship includes values of, and associations between, a plurality of 
possible values of said input access code and a corresponding plurality of possible values of said 
derived seed; and (ii) said processing of said derived seed in accordance with said seed-access 
code relationship includes looking up and outputting said possible value of said derived seed 
corresponding to said input access code. 

Spatte discloses a system where (i) said seed-access code relationship includes values of, 
and associations between, a plurality of possible values of said input access code and a 
corresponding plurality of possible values of said derived seed; and (ii) said processing of said 
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derived seed in accordance with said seed-access code relationship includes looking up and 
outputting said possible value of said derived seed corresponding to said input access code 
(column 3 lines 30-45). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claims 14, 30, and 41, Pavlov does not discloses a system where: (1) said 
seed derivation module is merged with said data generation module; (2) said output datum 
includes said derived seed. 

Spatte discloses a system where: (1) said seed derivation module is merged with said data 
generation module; (2) said output datum includes said derived seed (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system of Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 15, where said confidential datum includes a private key of said 
user, and said output datum has the characteristic appearance of a private key. 

Spatte discloses a system where: said confidential datum includes a private key of said 
user, and said output datum has the characteristic appearance of a private key (column 3 lines 1- 
10). 
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At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 16, where said user's public key corresponding to said user's private 
key is pseudo-public. 

Spatte discloses a system where: said user's public key corresponding to said user's 
private key is pseudo-public (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 17, a system further comprising a digital certificate containing said 
pseudo-public key. 

Spatte discloses a system further comprising a digital certificate containing said pseudo- 
public key (column 3 lines 1-10). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 
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In reference to claim 18 where said digital certificate includes an encrypted version of 
said user's pseudo-public key encrypted under a certifier's key which is not verifiable except by 
authorized verifiers. 

Spatte discloses a system with an encryption key (column 3 lines 1-10). The digital 
certificate is a form of security that contains the key and certifies the ownership of the key and 
therefore added security. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to generate a key as in Spratte in the system fo Pavlov. One of ordinary skill in 
the art would have been motivated to do this because it would create keys that meet export 
conditions, but are unique enough to make them difficult to hack. 

In reference to claim 19, Pavlov discloses a system that is configured to be remotely 
accessible to a roaming user across a network (column 9 lines 64-66). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m to 5:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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